CORS ERROR ALREADY ENABLED CORS ON API GATEWAY

API GATEWAY

The Amazon API Gateway is an AWS application built to build, upload, manage, track and protect REST, HTTP, and WebSocket APIs on any size. As well as data stored in the AWS Cloud, Application developers can build Applications that control AWS or other cloud resources. As a developer of API Gateway APIs, you can build APIs for use of your own client applications. Or you can make the APIs visible to the device of the developers from third parties.

Why we need an API Gateway?

When you set up your web server and expose it to the internet, you are putting your server at risk of hacked by anyone.

What is CORS?

But first, let’s establish a few definitions. What is CORS anyway? CORS stands for Cross-Origin Resource Sharing, and it’s a protocol that allows servers to receive requests from different domains. To understand why CORS is necessary, it first helps to understand why it would be a problem to make a request from one domain to another in the first place.

Cross-domain requests in JavaScript are restricted by the same-origin policy, which is a security standard enforced by the browser. It states that scripts loaded on one domain can only request resources that originate from the same domain. The purpose of the same-origin policy is to prevent attacks by malicious scripts.

When we talk about cross-origin requests, we’re usually talking about requests from one domain or subdomain to a different domain or subdomain. But different protocols (for example HTTP vs HTTPS) or different ports can also constitute different origins.

The same-origin policy mainly comes into play when using methods like fetch or XMLHttpRequest to make an AJAX request. If you’re running a script on domain-one.com that calls out to a resource that’s also located on domain-one.com, you’re in the clear. But what if the resource you need is located on domain-two.com? Unless domain-two.com has enabled CORS to give domain-one.com permission to access its resources, the request will be blocked.

When we run the script, we see the familiar CORS error, indicating that the request was blocked:

Steps were taken to resolve the cors error

Integration response
The internal interface in the API Gateway of a WebSocket API route or REST API process, where you map the status codes, headers, and payload obtained from the backend to the address format returned to a client device.